Non-Human Identity for Workloads and AI Agents
Non‑human identity (NHI) is moving from long‑lived passwords and API keys to short‑lived, machine‑issued credentials that rotate in minutes. Emerging solutions use public‑private key pairs issued via certificate authorities, TPM‑backed hardware, or software generation, keeping keys in memory rather than on disk. Standards bodies such as the IETF are drafting protocols (WIMSE, SSH‑BOT‑Auth) to standardize this shift, while the industry debates how to classify assurance levels for NHI similar to NIST’s AAL framework. The article calls for collaborative effort to define issuance policies and trust models.
Questioning the IPv8 Proposal
The IPv8 draft attempts to combine routing, address management, authentication and service configuration into a single Layer 3 protocol, but it falls short of a production‑ready design. It proposes a single global route per ASN and uses OAuth2 JWT tokens, DHCP8,...
Making Resource Holders Easier to Identify: Introducing Reg-Nr: In the RIPE Database
RIPE NCC has introduced a new "reg‑nr:" attribute to organisation objects in the RIPE Database, publishing official company registration numbers alongside existing name and country data. Approved under Numbered Work Item 21, the change now covers more than 32,000 objects,...
ADoX Deployment in the Wild
Encryption between DNS clients and resolvers is expanding, yet the recursive‑to‑authoritative link remains largely unprotected. A recent study measured real‑world ADoX (ADoT/ADoQ) deployment, finding fewer than 1 % of domains support the RFC 9539 mechanism. Adoption is highly concentrated, with One.com alone...
Towards Understanding City-Level Routing Using BGP Location Communities
Researchers have demonstrated a scalable method to infer the city‑level meaning of undocumented BGP location communities using only passive routing observations. By correlating prefix origins with the routers that attach location tags, they correctly identified 1,482 of 1,595 communities, achieving...
Introducing Region Meshes: Visualising Intra-Region Routing Paths
RIPE Atlas has introduced Region Meshes, a visual tool that maps intra‑region routing paths and IXP usage across countries. The platform aggregates monthly traceroute meshes from selected probes, enriches each hop with ASN, IXP and geolocation data, and presents the...
Noisy Routers: Investigating the Make-Up of Route Collector Data
Researchers analyzed over 80 billion BGP updates from RouteViews and found that a tiny fraction of peers, sessions, and prefixes generate the majority of traffic, inflating routing archives. The top 5 % of peers contributed roughly 56 % of all updates, with a...
Operating a Data Center with a Small Team: Engineering Lessons From Central Asia
A data centre in Central Asia runs roughly 600 servers, network gear and storage devices with just three full‑time engineers. The team relies on strict hardware standardisation, segmented management networks, dual‑host high‑availability and symptom‑based monitoring to keep services reliable despite...
Beyond the Network View: DNS-Driven Application Visibility
Network operators often lack visibility into which applications generate traffic. Researchers present an open‑source DNS‑based correlation system that enriches NetFlow and BGP data with application and CDN information, shifting analysis from a purely network‑centric to an application‑oriented view. The method...
Extending API Keys Beyond the RIPE Database
RIPE NCC is extending its API‑key authentication model from the RIPE Database to the LIR Portal services, allowing keys to be generated directly within each service while remaining centrally visible. The new design adds usage timestamps, fine‑grained permissions, modern password‑hashing...
When iBGP Full Mesh Is Actually Unnecessary
The article debunks the long‑standing belief that iBGP must operate as a full mesh, showing that the requirement is a design choice rather than a protocol mandate. Early RFCs phrased iBGP as a complete graph, but modern RFC 4271 removed that...
Ukraine as a Laboratory of Internet Resilience
Four years into Russia’s invasion, Ukraine’s Internet has not collapsed despite extensive damage to its telecom infrastructure. Roughly 25 % of cables and equipment were destroyed, representing a $1.6 billion loss, yet service persisted through rerouting, redundancy and rapid repairs. The resilience...
When ToR Instability Collapses Cross-Rack Redundancy Without Breaching SLA
The article describes a two‑rack deployment where each rack relied on a single top‑of‑rack switch, making each rack a lone failure domain. When the ToR in rack 2 became unstable, database replica loss and ARP failures occurred, yet latency and error‑rate...
How Global Digital Cooperation Entered Its Implementation Phase
The United Nations General Assembly adopted the WSIS+20 outcome document in December 2025, cementing a ten‑year architecture for global digital governance aligned with the 2030 Sustainable Digital Goals. Coupled with the Global Digital Compact adopted at the 2024 Summit of...
Peering Market at a Glance: Trends, Transformations, and the Regional Dynamics of Internet Interconnection
The latest NAMEX paper argues that the peering market isn’t shrinking, but reshaping. While some IXPs show flat membership, overall capacity keeps rising as traffic per port grows and services diversify. Regional analysis reveals mature markets like the UK focusing...